Guido van Rossum wrote:
>>What I am trying to nail down is exactly what needs doing to get us
>>from where we are now to where capabilities actually work. As I
>>understand it, what is needed is:
>>
>>a) Fix restricted execution, which is in a state of disrepair
>
> Yes.
>
>>b) Override import, open (and other stuff? what?)
>
> Don't worry about this; it's taken care of by the rexec module; each
> application will probably want to do this a little differently
> (certainly Zope has its own way).

I believe I heard way back that there was a lack of confidence rexec
overrode everything that needed overriding - or am I getting mixed up
with restricted execution?

>>c) Wrap or replace some of the existing libraries, certify that others
>>are "safe"
>
> This should only be necessary for (core and 3rd party) extension
> modules. The rexec module has a framework for this.
>
>>It looks to me like a and b are shared with proxies, and c would be
>>different, by definition. Is there anything else? Am I on the wrong track?
>
> I don't know why you think (c) is different.

Because with proxies you'd wrap with proxies, and with capabilities
you'd wrap with capabilities. Or do you think there's a way that would
work for both (which would, of course, be great)?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff